JP2009245227A - Information storage device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an information storage device capable of updating key and data stored inside, without affecting a key assigned to a user. <P>SOLUTION: The information storage device includes an information encryption part in which information is encrypted using a first key to generate encrypted information, an information storage part which stores the encrypted information, an information decoding part which decodes the encrypted information using the first key, a first key decoding part in which the first encrypted key encrypted with a second key is decoded using the second key and is input in the information decoding part, a second key storage part in which a plurality of second encrypted keys encrypted with respective third keys are stored, and a second key decoding part in which the second encrypted key is decoded using the third key and is input in the first key decoding part. It also includes a key updating part in which a new first key is generated according to a received command for updating, the information generated with the original first key is encrypted using a new first key via the information encrypting part to overwrite the information storage part, and then the new first key is encrypted with the second key to generate a new first encrypted key for overwriting. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to an information storage device.

  As an information storage device that stores information, an information storage device of a type that stores information after encryption is known. For example, in a magnetic disk drive, information sent from the outside is encrypted and stored with an encryption key, and further this encryption key is encrypted and stored with a user password, so that an appropriate password is input. In this case, the stored information can be read out. Data stored in the information storage device may be used jointly by a plurality of users, and password management suitable for use by a plurality of users is required.

  Here, for example, in the field of network systems, a technique for managing a group password by providing a password management server in a system that shares information among a group of a plurality of users is known (see, for example, Patent Document 1). ). In this system, when a user belonging to a group is changed, the management server updates the group password and distributes it to all users in the group.

  FIG. 1 is a block diagram showing a schematic configuration of a hard disk device (HDD) as a conventional information storage device. In FIG. 1, double circles indicate encrypted state information, and triangles indicate decrypted state information.

  Data D91 input to the HDD 9 shown in FIG. 1 along the flow indicated by the broken line from the outside of the HDD 9 is encrypted by the data encryption / decryption unit 95 and written to the magnetic disk 98 as a recording medium. The data encryption / decryption unit 95 performs encryption and decryption using the data key K91. The data key K91 is encrypted with passwords P91, P92, and P93 assigned to a plurality of users, and stored in the magnetic disk 98 as encryption keys Km91, Km92, and Km93.

  The data Dm91 stored in the HDD 9 can be used outside the HDD 9 by inputting any one of the three passwords P91, P92, and P93.

  FIG. 2 is a flowchart showing a process of reading data in the HDD shown in FIG.

In the reading process of FIG. 2, first, a password assigned to the user is input to the HDD 9 together with a data reading command from a host computer (not shown) used by the user (S91). The HDD 9 determines whether or not the password is legitimate (S92). If the password is legitimate, the HDD 9 decrypts the stored encrypted data key Km using the password and obtains the data key K91. (S93). Thereafter, the encrypted data Dm91 is read from the magnetic disk 98, decrypted using the decrypted data key K91 (S94), and data D91 in an externally usable state is output (S95).
JP 2007-49455 A

  If the values of the encrypted data Dm91 and the data key K91 stored in the magnetic disk 98 of the HDD 9 are fixed without being updated, there is a risk that the data will be decrypted if an unauthorized decryption is attempted by a third party. Increasing with time. For this reason, it is preferable to update the value of the data key K from time to time and re-encrypt the data on the magnetic disk.

  FIG. 3 is a flowchart showing processing for changing a data key in the HDD shown in FIG.

  When the HDD 9 is instructed to change the data key (S96), the password entered along with the instruction, that is, one of the three passwords P91, P92, and P93 is used to store the encrypted data key Km91. Decryption is performed to obtain the current data key K91, and the obtained data key K91 is changed to another value data key K91N (S97).

  The HDD 9 encrypts the changed data key K91N using the input password and stores it in the magnetic disk 98 (S98). The encrypted data Dm91 stored in the magnetic disk 98 is once read, decrypted with the data key K91 before the change, encrypted with the changed data key K91N, and stored in the magnetic disk 98 (S99). In this way, the data key change and the data re-encryption are completed.

  However, if the data key is changed by the process shown in FIG. 3, there arises a problem that the change of the data key is applied only to the input password.

  FIG. 4 is a diagram for explaining the encryption state of the data key in the HDD shown in FIG. The key arranged in the password frame in FIG. 4 indicates that this key is encrypted with the password.

  In the data key changing process described with reference to FIG. 3, for example, when one password P92 is input from among the three passwords P91, P92, and P93, the encrypted data key Km92 is decrypted using the input password P92. The value of the obtained data key K92 can be changed. However, the data key K92N whose value has been changed can be encrypted and stored with the input password P92, but cannot be encrypted with the remaining input passwords P91 and P93. As a result, when any one of a plurality of users having passwords performs a data key change process on the HDD 9, a new data key cannot be obtained for the remaining users, and the data in the magnetic disk is used. Can not do it.

  Unlike the network system described above, the information storage device used as the auxiliary storage device of the computer has only one password that can be entered at the same time, and does not hold or manage the password itself. The new data key cannot be re-encrypted with the password.

  In view of the above circumstances, the present disclosure discloses that an information storage device is assigned to a user when a plurality of keys are assigned to a plurality of users and data is encrypted using the input key and the key stored therein. Provided is an information storage device for updating a key and data stored therein without affecting the stored key.

The basic form of the information storage device disclosed herein is:
An information encryption unit that encrypts information with a first key used for both encryption and decryption of the information to generate encrypted information;
An information storage unit for storing the encrypted information encrypted by the information encryption unit;
An information decryption unit which receives the first key and uses the first key to decrypt the encrypted information stored in the information storage unit to generate the information;
A first key storage unit for storing a first encryption key, wherein the first key is encrypted with a second key used for both encryption and decryption of the first key;
When the second key is input and the second key is used, the first encryption key stored in the first key storage unit is decrypted to generate the first key. A first key decryption unit for inputting a first key to the information decryption unit;
A second key storage unit that stores a plurality of second encryption keys that are encrypted with a plurality of third keys used for both encryption and decryption of the second key. When,
The third key is inputted, and the third key is used to encrypt the second encryption key stored in the second key storage unit with the inputted third key. A second key decryption unit that decrypts a second encryption key to generate the second key, and inputs the generated second key to the first key decryption unit;
An information output unit that receives the information output command and outputs the information generated by the information decoding unit;
In response to the key update command, a new first key is generated in place of the first key generated by the first key decryption unit, and the information encryption unit receives the original first key in the information decryption unit. The information generated by the key is encrypted with the new first key, and the encrypted information stored in the information storage unit is rewritten with the new encrypted information generated with the new first key. The new first key is encrypted with the second key generated by the second key decryption unit to generate a new first encryption key, and the new first encryption key is used to generate the first key. A key update unit that rewrites the first encryption key stored in the one-key storage unit.

  According to this basic mode, in the key update, the information stored in the information storage unit is updated with the new first key, and the new first key is used as the second key that is an intermediate key. The first encryption key is generated by performing encryption and is rewritten. For this reason, in the above key update, for example, the information stored in the information storage unit and the first key are updated without changing a plurality of third keys assigned to the user.

  As described above, according to the basic form of the information storage device, in the key update, for example, the information stored in the information storage unit and the first information can be changed without changing the plurality of third keys assigned to the user. The key is updated.

  In contrast to the basic mode, an application mode in which the second key includes unique information unique to the information storage device is preferable.

  According to this preferred application mode, since the second key is different for each information storage device, even if the second key is obtained externally by some method from a certain device, the second key is used. Can be prevented from being illegally read out by being input to other devices.

In addition to the basic form,
A variable value storage unit for storing variable values and having a fixed location;
A variable value update unit that updates the value of the variable stored in the value storage unit,
The first key storage unit stores a first encryption key obtained by encrypting the first key with a combination of the second key and a value stored in the variable value storage unit. ,
The first key decryption unit stores the first encryption key stored in the first key storage unit in the second key generated by the second key decryption unit and the variable value storage unit. An application mode in which the first key is generated by decrypting with a combination with a certain value is preferable.

  According to this preferred application mode, the value set as the value of the variable used for generating the first key can be selected from arbitrary values. Therefore, even when the second key is acquired from a certain device by some method, it is possible to prevent the information from being illegally used by inputting the second key to another device.

  Specific embodiments of the information storage device described above for the basic form and the application form will be described below with reference to the drawings.

  FIG. 5 is a block diagram showing a hardware configuration of the HDD, which is a specific first embodiment of the information storage device.

  The HDD 1 shown in FIG. 5 is used by being connected to the host computer H, stores data sent from the host computer H, reads out the stored data, and outputs it to the host computer H.

  The HDD 1 includes an interface unit (I / F) 11 that exchanges data and commands with the host computer H, a data encryption / decryption unit 15 that encrypts and decrypts data, and a magnetic disk (DISK) 18 on which data is recorded. And an MPU (Micro Processing Unit) 19 as a control unit and a flash ROM 20.

  The I / F 11 receives a data write command, a data read command, a key update command, and the like from the host computer H. The MPU 19 executes processing by controlling each unit of the HDD 1 according to the command received by the I / F 11.

  For example, in the case of a data write command, data received following the command is encrypted by the data encryption / decryption unit 15 using a key. The encrypted data is written to the magnetic disk 18. When a data read command is received, the data read from the magnetic disk 18 is decrypted using the key by the data encryption / decryption unit 15, and the decrypted data is transmitted from the I / F 11 to the host computer H. Is output.

  The flash ROM 20 stores firmware and constants as programs that can be executed by the MPU 19. The MPU 19 executes various processes by executing the firmware stored in the flash ROM 20. The flash ROM 20 also stores variables.

  The data encryption / decryption unit 15 encrypts and decrypts data. The data encryption / decryption unit 15 uses Advanced Encryption Standard (AES) for encryption and decryption, but other common key algorithms such as triple DES can be adopted besides AES.

  A data write command and a data read command sent from the host computer H to the HDD 1 are accompanied by a password. The MPU 19 generates a shared key to be supplied to the data encryption / decryption unit 15 using the password sent from the host computer H. In the HDD 1, data can be shared by a plurality of users. Each user is assigned a different password. Any user to whom a password is assigned can read and use data stored in the HDD 1 by other users. The host computer H transmits a password corresponding to the user using the host computer H to the HDD 1 along with the data write command and the data read command. The MPU of the HDD 1 generates a common shared key to be supplied to the data encryption / decryption unit 15 from any of the assigned passwords. Further, the MPU 19 updates the shared key in response to the key update command, and updates the data stored in the magnetic disk 18 to the content encrypted with the changed shared key. The HDD 1 is also provided with a drive device for driving the magnetic disk 18 and the like, and a RAM for storing the calculation data of the MPU 19. However, these components and functions are not described in detail and illustrated. To do.

  FIG. 6 is a block diagram showing a schematic configuration of blocks related to encryption / decryption of the HDD shown in FIG. In FIG. 6, double circles indicate encrypted information, and triangles indicate encrypted information.

  The HDD 1 includes a data input / output unit A that exchanges data with a host computer H outside the HDD 1, a password input unit B that receives a password from the host computer H, a data encryption / decryption unit 15 that performs encryption and decryption of data, Information storage unit 18A for storing encrypted data, first key encryption / decryption unit 191 responsible for encryption and decryption of shared key K1 used for encryption and decryption by data encryption / decryption unit 15, first key encryption / decryption A first key storage unit 18B for storing the encrypted shared key Km1 encrypted by the unit 191, and a second key encryption / decryption unit responsible for encryption and decryption of the intermediate key X1 used for encryption and decryption of the shared key K1 192, a second key storage unit 18C for storing the encrypted intermediate keys Xm1, Xm2, and Xm3, and a key update unit 193 for updating the key. . The information storage unit 18A, the first key storage unit 18B, and the second key storage unit 18C are all configured by the magnetic disk 18 shown in FIG. 5 and correspond to different storage areas on the magnetic disk 18. The first key encryption / decryption unit 191, the second key encryption / decryption unit 192, and the key update unit 193 are configured by the MPU 19 (FIG. 5) that executes corresponding processing. Moreover, the password input part B is comprised by the part which receives a password among MPU19 (FIG. 5) which performs a corresponding process, and I / F11 shown in FIG. In addition, the data input / output unit A is configured by a part for transferring data in the I / F 11 shown in FIG.

  The data input / output unit A receives the data D from the host computer H and supplies it to the data encryption / decryption unit 15 in the data writing process. Further, the data input / output unit A outputs information generated by the data encryption / decryption unit 15 to the host computer H in the data reading process.

  The data encryption / decryption unit 15 encrypts the data D1 received by the data input / output unit A from the host computer H during the data writing process of the HDD 1 using the shared key K1, and generates encrypted data Dm1. The encrypted data Dm1 encrypted by the data encryption / decryption unit 15 is stored in the information storage unit 18A. The data encryption / decryption unit 15 receives the shared key K1 during the data reading process of the HDD 1, and uses the shared key K1 to decrypt the encrypted data Dm1 stored in the information storage unit 18A to obtain the data D1. Is generated. The decrypted data D1 is sent to the data input / output unit A. As described above, the shared key K1 is used for both encryption and decryption in the data encryption / decryption unit 15. Here, the function responsible for encryption in the data encryption / decryption unit 15 corresponds to an example of the information encryption unit in the basic mode described above, and the function responsible for decryption in the data encryption / decryption unit 15 is the information in the basic mode described above. This corresponds to an example of a decoding unit. The shared key K1 corresponds to an example of the first key in the basic form described above.

  The first key storage unit 18B stores an encrypted shared key Km1 obtained by encrypting the shared key K1 with the intermediate key X1.

  The first key encryption / decryption unit 191 generates the shared key K1 by decrypting the encrypted shared key Km1 stored in the first key storage unit 18B using the intermediate key X1. The generated shared key K1 is input to the data encryption / decryption unit 15. The first key encryption / decryption unit 191 also encrypts the shared key when the shared key K1 is updated. As an encryption and decryption algorithm of the first key encryption / decryption unit 191, for example, AES is adopted, but other common key encryption methods such as triple DES can be adopted besides AES. The intermediate key X1 is a key used for both encryption and decryption of the shared key K1. Here, the first key encryption / decryption unit 191 corresponds to an example of the first key decryption unit in the basic form described above. The intermediate key X1 corresponds to an example of the second key in the basic form described above.

  The second key storage unit 18C stores a plurality of encrypted intermediate keys Xm (Xm1, Xm2, Xm3) obtained by encrypting the intermediate key X1 with a plurality of passwords P (P1, P2, P3). The intermediate key X1 encrypted with the first password P1 is the first encrypted intermediate key Xm1, and the intermediate key X1 encrypted with the second password P2 is the second encrypted intermediate key. Xm2, and the intermediate key X1 encrypted with the third password P3 is the third encrypted intermediate key Xm3.

  The password input unit B inputs the passwords P1, P2, and P3 transmitted from the host computer H to the second key encryption / decryption unit 192.

  The second key encryption / decryption unit 192 uses the encrypted intermediate keys Xm1, Xm2, and Xm3 stored in the second key storage unit 18C that are encrypted with the input password. To generate the intermediate key X1. Each of the encrypted intermediate keys Xm1, Xm2, and Xm3 is obtained by encrypting the intermediate key X1 using the corresponding passwords P1, P2, and P3. In contrast to the encryption, the corresponding passwords P1, P2, and Pm3 are encrypted. By decrypting using P3, a common intermediate key X1 is obtained. The generated key of the intermediate key X1 is input to the first key encryption / decryption unit 191. As an encryption and decryption algorithm of the second key encryption / decryption unit 192, for example, AES is adopted, and other common key encryption methods such as triple DES can be adopted besides AES. Each of the passwords P1, P2, and P3 is used for both encryption and decryption of the intermediate key X1. Here, the second key encryption / decryption unit 192 corresponds to an example of the second key decryption unit in the basic mode described above. The passwords P1, P2, and P3 correspond to an example of the third key in the basic form described above.

  The key update unit 193 receives the key update command and generates a new shared key K2 that replaces the shared key K1. Then, the data encryption / decryption unit 15 encrypts the data generated with the original shared key K1 with the new shared key K2, and the encrypted data stored in the information storage unit 18A with the new encrypted data Dm2. Rewrite Dm1. Also, the key update unit 193 encrypts the new shared key K2 using the intermediate key X1, generates an encrypted shared key Km2, and rewrites the encrypted shared key Km1 stored in the first key storage unit 18B. . More specifically, the key update unit 193 causes the first key encryption / decryption unit 191 to encrypt the shared key K2.

  Next, processing in the HDD 1 will be described.

  FIG. 7 is a flowchart showing a process corresponding to the data read command in HDD 1 shown in FIG.

  When a data read command is sent from the host computer H (see FIG. 5), a password is sent along with the data read command. When receiving the password (S11), the password input unit B determines whether or not the received password is legitimate (S12). If it is determined that the password does not satisfy a certain rule (S12), the host command is notified of a command processing failure at a stage before data reading. As a determination method, for example, a method in which a redundant code is included in the password and a checksum or CRC is determined is adopted. In addition to this, the password is encrypted and stored by a simple method and received. It is also possible to adopt a method of encrypting the password and confirming the match.

  If it is determined that the password received in the determination process in step S12 is legitimate (Yes in S12), then the second key encryption / decryption unit 192 uses the password to perform the second key encryption / decryption. The intermediate key X1 is generated by decrypting the encrypted intermediate key Xm stored in the decryption unit 192 (S13).

  Next, the first key encryption / decryption unit 191 decrypts the encrypted shared key Km1 stored in the first key storage unit 18B by using the intermediate key X1 generated by the second key encryption / decryption unit 192. Thus, the shared key K1 is generated (S14). Next, the data encryption / decryption unit 15 decrypts the encrypted data Dm1 stored in the information storage unit 18A using the shared key K1 generated by the first key encryption / decryption unit 191 to obtain the data D1. Generate (S15).

  Next, the data input / output unit A outputs the data D1 generated by the data encryption / decryption unit 15 to the host computer H (S16). As a result, data D1 is output in response to the read command accompanied by the password.

  The process corresponding to the data read command has been described above, but the process from step S11 to step S14 shown in FIG. 7 is common to the data write process corresponding to the data write command. In the data writing process, instead of step S15 shown in FIG. 7, the data encryption / decryption unit 15 is received by the data input / output unit A using the shared key K1 generated by the first key encryption / decryption unit 191. The data D1 is encrypted to generate encrypted data Dm1, and the information storage unit 18A stores the encrypted data Dm1 encrypted by the first key encryption / decryption unit 191 instead of step S16 shown in FIG.

  FIG. 8 is a flowchart showing processing corresponding to the key update command in the HDD 1 shown in FIG.

  When the HDD 1 receives a key update command from the host computer H (S21), the key update unit 193 changes the current shared key K1 to the shared key K2 (S22). More specifically, the key update unit 193 generates a shared key K2 having a value different from that of the current shared key K1. The value of the new shared key K2 can be arbitrarily determined by a random number or the like.

  Next, the key updating unit 193 encrypts and stores the new shared key K2 with the intermediate key X1 (S23). More specifically, the key update unit 193 causes the first key encryption / decryption unit 191 to generate the encrypted shared key Km2 by encrypting the new shared key K2 using the intermediate key X1, and this encryption key Shared key Km2 is stored in first key storage unit 18B.

  Next, the key update unit 193 re-encrypts the data with the changed shared key K2 (S24). More specifically, the key update unit 193 first causes the data encryption / decryption unit 15 to generate the data D1 by decrypting the encrypted data Dm1 of the information storage unit 18A before the change using the shared key K1. . Next, the key update unit 193 causes the data encryption / decryption unit 15 to generate new encrypted data Dm2 by encrypting the generated data D1 using the new shared key K2, and this encrypted data Dm2 Is stored in the information storage unit 18A. Through the processes in steps S22 to S24, the shared key K2 is updated, and the information in the information storage unit 18A is also re-encrypted using the updated shared key K2.

  In order to execute the key update process shown in FIG. 8, the shared key K1 is necessary for temporarily decrypting the encrypted data Dm1 stored in the information storage unit 18A, and the updated shared key K1 is used. The intermediate key X1 is necessary for encrypting. However, the shared key K1 and the intermediate key X1 are stored in an encrypted state after the HDD 1 is turned on. For this reason, the key update process shown in FIG. 8 is normally performed after the power is turned on, after a read command and a write command are input to the HDD 1 and at least one of the passwords P1, P2, and P3 is input. Executed. Also, when a login command for inputting a password is input to the HDD 1, the password is input, and thereafter, the key update process is normally executed.

  FIG. 9 is a diagram for explaining the encryption state of the key in the HDD shown in FIG. The intermediate key frame shown in the password frame in FIG. 9 indicates that the intermediate key is encrypted by the password, and the shared key frame shown in the intermediate key frame is that the shared key is intermediate. It shows that it is encrypted with a key.

  As shown in FIG. 9, when one password P2 of three passwords is input in the key update process, the intermediate key X1 is obtained from the encrypted intermediate key Xm2 using the password P2. The intermediate key X1 is common to the three passwords, and the intermediate key X1 having the same contents can be obtained by using any of the three passwords. Using this intermediate key X1, the shared key K1 is obtained from the encrypted shared key Km1. In the key update process shown in FIG. 8, the shared key K1 is changed to a new value of the shared key K2, and the changed shared key K2 is encrypted using the intermediate key X1 to become the encrypted shared key Km2. Therefore, in the HDD 1, when the encrypted data Dm1 on the magnetic disk 18 and the shared key K1 for encryption are updated by the key update process, the intermediate key X1 for the three passwords P1, P2, and P3 is not changed. Therefore, it is not necessary to change the encryption intermediate keys Xm1, Xm2, and Xm3 using the passwords P1, P2, and P3. For this reason, even if one of the plurality of users inputs a password (for example, P2) and performs key update processing, reading of data by another password of another user is not hindered thereafter. Regardless of the use of other users, the user can update the key at an arbitrary timing to maintain the confidentiality of the data.

  Next, a specific second embodiment of the information storage device will be described. In the following description of the second embodiment, the same reference numerals are given to the same elements as those in the embodiments described so far, and differences from the above-described embodiments will be described.

  FIG. 10 is a block diagram illustrating a schematic configuration of blocks related to HDD encryption / decryption according to the second embodiment.

  The HDD 2 of the second embodiment has the same hardware configuration as that of the HDD 1 of the first embodiment shown in FIG. 5, and the processing contents by the MPU are different. Specifically, in the HDD 2 shown in FIG. 10, the intermediate key Y1 includes the manufacturing serial number α as unique information unique to the HDD 2. The manufacturing serial number α is assigned a different value for each product of the HDD 2. The value of the production serial number α is stored as part of the program of the MPU 19 in the flash ROM 20 (see FIG. 5).

  When decrypting the encrypted intermediate key Xm, the second key encryption / decryption unit 292 of the HDD 2 decrypts the encrypted intermediate key Xm stored in the second key storage unit 18C by using, for example, AES, Further, the production serial number α stored in the flash ROM 20 is added to obtain the intermediate key Y1. The first key encryption / decryption unit 191 of the HDD 2 encrypts or decrypts the shared key using the intermediate key Y1.

  When the second key encryption / decryption unit 292 encrypts the intermediate key Y1, the production serial number α is removed from the intermediate key Y1, and encryption is performed using AES.

  In the HDD 2 of the second embodiment, the intermediate key Y1 is different for each product. For this reason, if the intermediate key Y1 of the HDD 2 is extracted outside by some method by a third party, even if the extracted intermediate key is transplanted, that is, stored in another product, the data on the magnetic disk is normally decrypted. Not. Therefore, unauthorized use of data can be suppressed.

  In the above-described second embodiment, the example in which the manufacturing serial number is included in the key necessary for generating the shared key K has been described. Subsequently, the information storage device in which information included in the key can be arbitrarily selected A specific third embodiment will be described. In the following description of the second embodiment, the same reference numerals are given to the same elements as those in the embodiments described so far, and differences from the above-described embodiments will be described.

  FIG. 11 is a block diagram illustrating a schematic configuration of blocks related to HDD encryption / decryption according to the third embodiment.

  The HDD 3 of the third embodiment has the same hardware configuration as the HDD 1 of the first embodiment shown in FIG. The HDD 3 illustrated in FIG. 11 updates the value of the encryption variable β stored in the variable value storage unit 30 and the variable value storage unit 30 that stores the value of the encryption variable β that is a variable used for key generation. A variable value update unit 393 is provided. The variable value storage unit 30 is composed of the flash ROM 20 shown in FIG. 5, and the address where the value of the encryption variable β is stored is fixed. The variable value update unit 393 is configured by the MPU 19 (FIG. 5) that executes the update process of the encryption variable β. When the variable value update unit 393 receives the encryption variable command from the host computer H, the variable value update unit 393 updates the value of the encryption variable β in the variable value storage unit 30 with the variable value transmitted along with the encryption variable command.

  The encrypted shared key Km1 stored in the first key storage unit 38B of the HDD 3 is obtained by encrypting the shared key K1 with a combination of the intermediate key X1 and the encryption variable β. Further, the first key encryption / decryption unit 391 of the HDD 3 decrypts the encrypted shared key Km1 stored in the first key storage unit 38B with a combination of the intermediate key X1 and the encryption variable β to obtain the shared key K1. Generate.

  FIG. 12 is a flowchart showing processing corresponding to the key update command in the HDD shown in FIG.

  When the HDD 3 receives a key update command from the host computer H (S31), the key update unit 193 changes the current shared key K1 to the shared key K2 (S32). The processes in steps S31 and S32 are the same as the processes in steps S21 and S22 shown in FIG.

  Next, the key updating unit 193 encrypts and stores the new shared key K2 with a key obtained by combining the intermediate key X1 and the encryption variable β (S33). The key update unit 193 stores the encrypted shared key Km2 generated by encryption in the first key storage unit 38B.

  Thereafter, the key update unit 193 re-encrypts the data using the changed shared key K2 (S34). The processing in step S34 is the same as the processing in step S24 shown in FIG.

  In the HDD 3 of the third embodiment, an encrypted shared key Km1 obtained by encrypting the shared key K1 with a combination of the intermediate key X1 and the encryption variable β is stored in the first key storage unit 38B. Also, since the encryption variable β is stored at a specific address in the variable value storage unit 30 and can be changed by an encryption variable command, a third party cannot easily infer it. Therefore, unauthorized use of data can be suppressed.

  In the specific embodiments, the third embodiment in which the intermediate key and the encryption variable β are combined and the second embodiment in which the intermediate key includes the manufacturing serial number α have been described as different embodiments. The encryption variable β and the production serial number α may be combined, that is, the intermediate key includes the production serial number α and a combination of the intermediate key and the encryption variable β may be used as a decryption key.

  In each specific embodiment, an example of three passwords P1, P2, and P3 has been described as a plurality of third keys in the basic form. However, the number of third keys is not limited to three, but two or There may be four or more.

  In each specific embodiment, an example of the HDD has been described as the information storage device in the basic form and the application form. However, the information storage device is not limited to the HDD, and includes a magneto-optical disk device and other recording media. It may be a device.

  Further, in each specific embodiment, the example in which the first key decryption unit and the second key decryption unit in the basic mode operate in the data read process and the data write process has been described. However, in order to avoid decrypting the first key and the second key each time data is read or written, the first key decryption unit and the second key decryption unit, for example, perform the data read processing shown in FIG. The processing from step S12 to step S14 may be executed as an independent login process, and the decrypted key may be stored in the RAM. In this case, the remaining processing is executed as data reading processing, and once the login processing is performed, data can be read and written without re-entering the password until the power is turned off.

It is a block diagram which shows schematic structure in the hard disk drive (HDD) as an information storage device of a prior art. 2 is a flowchart showing a process of reading data in the HDD shown in FIG. 3 is a flowchart showing processing for changing a data key in the HDD shown in FIG. 1. It is a figure explaining the encryption state of the data key in HDD shown in FIG. 1 is a block diagram showing a hardware configuration of an HDD that is a specific first embodiment of an information storage device. FIG. FIG. 6 is a block diagram showing a schematic configuration of blocks related to encryption / decryption of the HDD shown in FIG. 5. It is a flowchart which shows the process corresponding to the data read command in HDD1 shown in FIG. It is a flowchart which shows the process corresponding to the key update command in HDD1 shown in FIG. It is a figure explaining the encryption state of the key in HDD shown in FIG. It is a block diagram which shows schematic structure of the block in connection with encryption / decryption of HDD of 2nd Embodiment. It is a block diagram which shows schematic structure of the block in connection with encryption / decryption of HDD of 3rd Embodiment. 12 is a flowchart showing processing corresponding to a key update command in the HDD shown in FIG.

Explanation of symbols

1, 2, 3 HDD (information storage device)
A Data input / output unit (information output unit)
15 Data encryption / decryption unit (information encryption unit)
17 Read / write channel (information decryption unit, information encryption unit)
18A Information storage unit 18B, 38B First key storage unit 18C Second key storage unit 191 First key encryption / decryption unit (first key decryption unit)
192 Second key encryption / decryption unit (second key decryption unit)
193 Key update unit 30 Variable value storage unit 393 Variable value update unit D1 data Dm1, Dm2 Encrypted data (encryption information)
K1, K2 shared key (first key)
Km1, Km2 encryption shared key (first encryption key)
X1, Y1 intermediate key (second key)
Xm1, Xm2, Xm3 encryption intermediate key (second encryption key)
P1, P2, P3 password (third key)
α Manufacturing serial number (specific information)
β Cryptographic variable (variable)

Claims (3)

An information encryption unit that encrypts information with a first key used for both encryption and decryption of the information to generate encrypted information;
An information storage unit for storing the encrypted information encrypted by the information encryption unit;
An information decryption unit that receives the first key and uses the first key to decrypt the encrypted information stored in the information storage unit to generate the information;
A first key storage unit for storing a first encryption key, wherein the first key is encrypted with a second key used for both encryption and decryption of the first key;
When the second key is input and the second key is used, the first encryption key stored in the first key storage unit is decrypted to generate the first key. A first key decryption unit for inputting a first key to the information decryption unit;
A second key storage unit that stores a plurality of second encryption keys, each of which is encrypted with each of a plurality of third keys used for both encryption and decryption of the second key. When,
The third key is input, and the third key is used to encrypt the second encryption key stored in the second key storage unit with the input third key. A second key decryption unit that decrypts a second encryption key to generate the second key, and inputs the generated second key to the first key decryption unit;
An information output unit that receives an information output command and outputs the information generated by the information decoding unit;
In response to the key update command, a new first key is generated in place of the first key generated by the first key decryption unit, and the information encryption unit receives the original first key in the information decryption unit. The information generated by the key is encrypted with the new first key, and the encrypted information stored in the information storage unit is rewritten with the new encrypted information generated with the new first key. The new first key is encrypted with the second key generated by the second key decryption unit to generate a new first encryption key, and the first key is used with the new first encryption key. An information storage device comprising: a key update unit that rewrites the first encryption key stored in the one-key storage unit.   2. The information storage device according to claim 1, wherein the second key includes unique information unique to the information storage device. A variable value storage unit for storing variable values and having a fixed location;
A variable value update unit that updates the value of the variable stored in the value storage unit,
The first key storage unit stores a first encryption key obtained by encrypting the first key with a combination of the second key and a value stored in the variable value storage unit. ,
The first key decryption unit stores the first encryption key stored in the first key storage unit in the second key generated by the second key decryption unit and the variable value storage unit. 3. The information storage device according to claim 1, wherein the first key is generated by decrypting in combination with a certain value.

Images